package mybbs;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.DynaActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import javax.servlet.http.HttpSession;
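public final class LockUserAction extends Action {

  /**
   * Locks ({@code action} "1") or unlocks ({@code action} "2") a row of {@code bbsuser}.
   *
   * <p>The lock target comes from the form: {@code ref} selects the column
   * ("userid" matches {@code id}, "nickname" matches {@code nickname}) and
   * {@code var} supplies the value, passed through {@code CAEncode._conv}. The
   * unlock target is the raw {@code userid} request parameter. Either write runs
   * only when the session attribute {@code userpower} parses to a value above 10;
   * with lower power the action writes nothing and still forwards to "userlocked".
   *
   * @param mapping  the Struts mapping used to resolve the forward name
   * @param form     a {@link DynaActionForm} carrying {@code action}, {@code ref} and {@code var}
   * @param request  current request; on failure its {@code throw} attribute holds the error text
   * @param response unused
   * @return the "userlocked" forward on success, "global" when any step failed
   * @throws Exception only if {@code userpower} is present but not an integer
   */
  public ActionForward execute(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response) throws Exception {

    CAEncode encode = new CAEncode();
    String pageForward;
    HttpSession session = request.getSession(true);
    int power = 0;
    Object userPower = session.getAttribute("userpower");
    if (userPower != null) {
      power = Integer.parseInt((String) userPower);
    }
    try {
      DynaActionForm userform = (DynaActionForm) form;
      String action = (String) userform.get("action");
      String ref = (String) userform.get("ref");
      String var = encode._conv((String) userform.get("var"));

      // Fail early with a readable message instead of an NPE from equals() below.
      if (action == null || ref == null) {
        throw new IllegalArgumentException("missing form field: action or ref");
      }

      // SECURITY: both statements splice request-controlled text straight into
      // SQL; _conv() is not known to be an SQL escaper. DBConn should expose a
      // PreparedStatement-based update so these values become bound parameters.
      String sql = null;
      if ("userid".equals(ref)) {
        sql = "UPDATE bbsuser SET islock=1 WHERE id='" + var + "'";
      } else if ("nickname".equals(ref)) {
        sql = "UPDATE bbsuser SET islock=1 WHERE nickname='" + var + "'";
      }

      DBConn conn = new DBConn();
      try {
        if (power > 10) {
          if ("1".equals(action)) {
            // Unknown ref used to reach update("") here; reject it explicitly.
            if (sql == null) {
              throw new IllegalArgumentException("unsupported ref: " + ref);
            }
            conn.update(sql);
          }
          if ("2".equals(action)) {
            conn.update(
                "UPDATE bbsuser SET islock=0 WHERE id='" + request.getParameter("userid") + "'");
          }
        }
      } finally {
        // The original only closed on the success path, leaking the connection
        // whenever update() threw.
        conn.DBclose();
      }
      pageForward = "userlocked";
    } catch (Exception e) {
      pageForward = "global";
      request.setAttribute("throw", e.toString());
    }
    return mapping.findForward(pageForward);
  }
}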
